From 328a982546a202140697700b6688da3e32dbb2de Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 3 Mar 2009 23:07:07 +0000
Subject: * Validate that the source path is authorized. * Add site warning
 message if local_import is installed an there is no   authorized directories

---
 modules/local_import/controllers/admin_local_import.php | 2 +-
 modules/local_import/controllers/local_import.php       | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

(limited to 'modules/local_import/controllers')

diff --git a/modules/local_import/controllers/admin_local_import.php b/modules/local_import/controllers/admin_local_import.php
index 8f0bbe41..79bda906 100644
--- a/modules/local_import/controllers/admin_local_import.php
+++ b/modules/local_import/controllers/admin_local_import.php
@@ -66,7 +66,7 @@ class Admin_Local_Import_Controller extends Admin_Controller {
     $view = new View("local_import_dir_list.html");
     $view->paths = array_keys($paths);
 
-    print $view->render();
+    print $view;
   }
 
   public function autocomplete() {
diff --git a/modules/local_import/controllers/local_import.php b/modules/local_import/controllers/local_import.php
index d5a1662a..9dcb108b 100644
--- a/modules/local_import/controllers/local_import.php
+++ b/modules/local_import/controllers/local_import.php
@@ -63,6 +63,12 @@ class Local_Import_Controller extends Controller {
     }
 
     $path = $this->input->post("path");
+
+    $paths = unserialize(module::get_var("local_import", "authorized_paths"));
+    if (empty($paths[$path[0]])) {
+      throw new Exception("@todo BAD_PATH");
+    }
+
     batch::operation("add", $parent);
 
     $source_path = $path[0];
-- 
cgit v1.2.3